The OAuth 2.1 Server beta is awesome. One thing is missing though to support the growth of our business: M2M support, more specifically the client_credentials grant type.
We noticed the docs explicitly call out that client_credentials and password aren't supported, so I'm guessing that was a deliberate scoping choice for the beta. Any chance you would reconsider?
Most of the plumbing seems to be there already, and M2M feels like the natural counterpart to the latest MCP and developer platform developments. Our agents are running smoothly with these additions, but integrations and backend jobs now lack support for a non-user principal.
Our case: I'm the CTO of a B2B SaaS in Finance. We are starting to get more and more non-user principals (mainly partner integrations) that need to call the API on behalf of a tenant rather than a user. Right now we're running a separate token endpoint just for M2M, because we do not want to do ROPC over a synthetic service account.
Would love to know if this is on the roadmap, off the table, or open to a more detailed proposal. Happy to write one up if it'd help.
Pierre Dulac, a CTO of a B2B SaaS in Finance, requests support for the client_credentials grant type in the OAuth 2.1 Server beta. He notes that the current documentation states this is not supported, but argues that M2M support is crucial for their business growth, particularly for partner integrations. He inquires if this feature is on the roadmap and offers to provide a detailed proposal.
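To illustrate the grant the post asks for, here is an added example (written for this page, not code from the original post or from the OAuth server vendor): a minimal token-endpoint check that accepts client_credentials for a partner client bound to one tenant and refuses the password grant. The client registry, secret, scope names and the tenant_id claim are constructed assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Constructed registry: each confidential client is bound to exactly one tenant,
# so a token issued to it can only ever act on behalf of that tenant.
@dataclass(frozen=True)
class ClientRecord:
    client_id: str
    secret: str
    tenant_id: str
    scopes: frozenset

CLIENTS = {
    "partner-ledger-sync": ClientRecord(
        "partner-ledger-sync", "s3cret-example", "tenant-acme", frozenset({"ledger:read"})
    ),
}

SUPPORTED_GRANTS = {"client_credentials"}
TOKEN_TTL = 600  # seconds; short-lived because there is no user session to tie it to

def issue_token(form: dict, now: Optional[int] = None) -> dict:
    """Token endpoint logic for the client_credentials grant (hypothetical example)."""
    if form.get("grant_type") not in SUPPORTED_GRANTS:
        # ROPC ("password") is refused outright: a non-user principal must not
        # borrow a synthetic user's password to obtain a token.
        return {"error": "unsupported_grant_type"}
    client = CLIENTS.get(form.get("client_id", ""))
    # Constant-time comparison so the secret check does not leak timing information.
    if client is None or not hmac.compare_digest(client.secret, form.get("client_secret", "")):
        return {"error": "invalid_client"}
    # Requested scopes default to everything the client is registered for, never more.
    requested = set(form.get("scope", "").split()) or set(client.scopes)
    if not requested <= client.scopes:
        return {"error": "invalid_scope"}
    issued = now if now is not None else int(time.time())
    claims = {
        "sub": client.client_id,      # the principal is the client itself, not a user
        "tenant_id": client.tenant_id,
        "scope": " ".join(sorted(requested)),
        "iat": issued,
        "exp": issued + TOKEN_TTL,
    }
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "expires_in": TOKEN_TTL, "claims": claims}
```

In a real deployment the claims would be signed into a JWT or stored against an opaque token; the dict here only shows which claims a tenant-scoped, user-less token carries.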